Windows Search uses both obfuscation and compression to store some of its data, but according to Forensic analysis of the Windows Search database this is easily circumvented.

+

Windows Search uses both obfuscation and compression to store some of its data, but according to 'Forensic analysis of the Windows Search database' this is easily circumvented.

== See Also ==

== See Also ==

Revision as of 18:59, 26 June 2010

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Windows Desktop Search (or Windows Search) is a 'desktop' indexer for Microsoft Windows.
In Windows XP, Search 4.0 (or Search XP) was an add-on, however Microsoft integrated Search into Windows Vista as 'part of the package'.
The artifacts in the Windows Search database can be useful in forensic analysis of a desktop Windows system, especially Windows Vista and later.

Dirty database

When analyzing Windows Search databases you can come across a 'dirty database'. This is one left in a dirty state.
Some of the tools mentioned before fail to open these databases. You might have to resort to repairing the database or use a tools that does not have such limitations.

Obfuscation and compression

Windows Search uses both obfuscation and compression to store some of its data, but according to 'Forensic analysis of the Windows Search database' this is easily circumvented.